System and Method for Bouncing Failure Analysis

ABSTRACT

A method for analyzing fault modes that may cause a fault is presented, in which a multi-point analysis may be performed to identify multiple fault modes that are interrelated in causing the fault. The method provides for easy and systematic switching between top-down and bottom-up approaches of analysis to ensure accurate and easy-to-perform multi-point analysis of the related fault modes.

FIELD OF INVENTION

This invention relates to failure mode effects and causes analysis—a method for root cause studies, failure effect and risk analysis, defects prevention and failures mitigation, i.e. products, projects, services and processes (in short, Object Under Analysis or OUA) improvement.

BACKGROUND OF THE INVENTION

Traditional methods for analysis of failures in a system, Failure Mode Effect Analysis (FMEA) and Fault Tree Analysis (FTA), have three main differences: boundaries of the analysis, direction of analysis, and presentation of the analysis process and results. FMEA deals with single point failures, is built bottom-up, and is presented mostly in the form of tables, while FTA analyzes combinations of failures, is built top-down, and is visually presented as a logic diagram. The finalized FMEA table, and to a big extent the process of FMEA itself, are expected to cover ALL End Effects (EE). While dealing with all possible EE as potential outcomes of the analyzed Failure Mode (FM), FMEA lacks the capability to sort/prioritize them—EE are presented as couples—EE attached to the FM under investigation, randomly distributed at different points of the table in a “heap”. In contrast, the FTA considers one specific EE only, covering all combinations of Failure Modes (FM) causing this EE. Here, by taking into account combinations of failures, FTA avoids the shortcomings of FMEA. However, being heavily dependent on the personal experience and knowledge, even the “fine art”, of a performer-analyst, FTA has a tendency to miss some FMs or FM combinations.

Most failure analysis and studies are based on one of these approaches (FMEA or FTA). Rarely both FMEA and FTA will be performed, and when performed, these will be separate activities executed one after another—never seriously intertwining.

The present invention presents a system, methodology and procedure as a tool capable to maximize the advantages and at the same time to minimize the shortcomings of both separate methodologies. The result is a dramatic improvement in the organizing and systematization of the analyst's work, leading to the full coverage of all potentially significant failure conditions and combinations.

SUMMARY OF THE INVENTION

The invention introduces Bouncing Failure Analysis (BFA)—an innovative approach replacing and extending the traditional and widely used Failure Analysis (FA) techniques: Failure Mode Effect Analysis (FMEA) which is an example of the “bottom-up” approach and Fault Tree Analysis (FTA) which is an example of the “top-down” approach and all modifications of both methodologies: Event Tree Analysis, Dynamic FMEA, etc. When using the FTA approach there is a possibility to miss some of the FMs or combinations thereof and the result of the analysis highly depends on the experience of the user. When using the FMEA approach the analysis refers only to single-point FMs. The present invention may bridge the two methodologies allowing an analyst to “bounce” from one to another, i.e. to switch from one methodology to the other, in order to allow analysis of more than a single FM at a time as in the “top-down” approach and concurrently to rely on the completeness of analysis of the “bottom-up” methodology. Bouncing allows switching between top-down and bottom-up analysis methods, from FT diagram to FM table and back, changing the presentation (FT uses the tree diagram and FMEA uses the table presentation) and the direction of the analysis for convenience of analysis at any point in the process. The present invention extends FMEA methodology taking into account the combinations of failure modes (as in FTA instead of just one Failure Mode at a time as in traditional FMEA). The present invention replaces the traditional “top-down” FTA process by the “bottom-up” approach, far more intuitive and easy for most engineers. It enables initiation of bouncing from time to time to the “top-down” approach and back, as well as incorporating “side effects” (which are the effect of events outside of the OUA on the EEs), i.e. Top-down, Bottom-up and Side-to-side analysis approaches, ensuring analysis verification and subsequent update. The present invention results in a highly efficient, systematical study of failure modes and a dramatic decrease of Time to Acceptable Analysis (TTAA), i.e. decreasing the period of time from the beginning of analysis to the satisfactory report.

This invention provides a clear and easy step-by-step guide to perform Bouncing Failure Analysis (BFA) method and system according to embodiments of the present invention. The result is a complete coverage of all failure modes followed by the testability and detectability analyses.

According to some embodiments of the present invention the analysis may start with a traditional single point (i.e. one-at-a-time) failure analysis and clear understanding or definition of all possible End Effects (i.e. possible outcome of such failure) for the Object Under Analysis (OUA). Creation of a complete “Interaction Matrix” (Pair-Combination Matrix) for double-, triple- and multi-point failures provides the ways to bounce between Bottom-up to Top-down and back (FMEA to FTA), bringing in the methodology for cutting down the size of the Interaction Matrices, and finally presenting comprehensive results: concurrent combinations of OUA failures, external triggers, catalysts with corresponding sequences.

In order to optimize the process and the outcomes of analysis methods according to this invention it is possible to divide all FMs (a middle-size system may have hundreds of FMs) into families/categories applying a methodology of defect classification (taxonomy). Such taxonomy of failure modes (FMs) may be used to combine the entire families of FMs, making the analysis according to some embodiments of the present invention easy to perform, present and understand, as well as interpret and reuse the results. An additional advantageous outcome of using taxonomy of FMs is the creation of pairs of families of FMs that are symbiotic on one hand and incompatible on the other hand. For example, the FM Family “Hermetic Problem” may include failure modes like crack, hole, break in the case, housing, wall, etc., all of them possible failure members in the family “hermetic problem”, and the Catalyst Family “High Humidity” may include members such as rain, snow, fog, etc. A member in hermetic problem and a member of the catalyst family or a side effect may cause the same or similar EE when applied simultaneously or in a certain order to the OUA. For example, a hermetic problem occurring after high humidity will not cause any problem, that is the EE will not happen, and occurrence of high humidity after a hermetic problem may cause the EE.

The introduction of failure analysis method according to some embodiments of the present invention may provide a solution, long-awaited by industry, which is at the same time complete, time-saving, and easily implemented in software interpretation of the traditional practices: FMECA, FTA, Event Tree Analysis, Testability Analysis and Process/Design FMEA methodologies.

The advantages of the present invention's performance can easily be understood by thinking about a simple, but very important example: the Cause Effect Diagram (also known as Fishbone) presenting not only single point failures (typical), but also the combination of possible Men, Machine, Method, Measurement, Material and Environment causes.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention will be understood and appreciated more fully from the following detailed description taken in conjunction with the figures in which:

FIG. 1 is a schematic flow diagram of an embodiment according to the present invention;

FIG. 2 is a schematic block diagram of fault mode analysis according to some embodiments of the present invention; and

FIG. 3 is a schematic tree diagram of triple-point fault analysis result according to some embodiments of the present invention.

It will be appreciated that for simplicity and clarity of illustration, elements shown in the figures have not necessarily been drawn to scale. For example, the dimensions of some of the elements may be exaggerated relative to other elements for clarity. Further, where considered appropriate, reference numerals may be repeated among the figures to indicate corresponding or analogous elements.

EMBODIMENT EXAMPLES ACCORDING TO THE PRESENT INVENTION

Following is a step-by-step description of one of the embodiments of failure analysis method according to the present invention, illustrated by FIG. 1, which is a schematic flow diagram of a method of performing failure analysis according to some embodiments of the invention and is now being referred to. Initially, all possible end effects (i.e. resulting malfunctions of the examined system due to a defined event) of the examined object (step 12) at top level are identified using possibly any known analysis method and possibly relying on a list of functional requirements of said system. Following this step an appropriate severity may optionally be assigned (step 13) to each of the end effects (EEs) subject to the malfunctioning consequences. Following this step, all possible failure modes (FMs) that can cause each of the EEs may be defined (step 14) at the bottom (component) level (i.e. single-point analysis). This may be done from an existing failure mode database for the object under analysis (OUA). Such databases are known in the art, such as FMD-97 (Failure Mode/Mechanism Distributions, produced by Reliability Analysis Center. Statistical compilation of failure mode distributions for a wide range of components). The analysis of steps 12-14 may result, for an object comprising components 1-4 and for required functionalities 1 and 2 of the examined object, in a list of EEs which may be denoted EE11, EE12 etc. for functionality 1, EE21, EE22 etc. for functionality 2, etc. This analysis may further result in a list of FMs for the examined components, which may be denoted C1FM1, C1FM2 for FMs 1 and 2 of object 1, C2FM1, C2FM2, etc. for object 2, etc. On the above described resulting lists the FMs may be analyzed (step 15) using any known failure mode event analysis (FMEA) method for a single-point failure (i.e.—analyzing the influence of a single event only). This analysis may result in a true/false indication or a true/false indication with an associated approximated probability for the FM to occur. At this step an assignment of association of the various FMs to appropriate EEs may also be done.

Attention is made now also to FIG. 2, which is a schematic block diagram representation 20 of a fault-mode analysis of OUA 22 according to some embodiments of the present invention. Attention is also made to FIG. 3, which is a schematic tree diagram 100 of triple-point fault analysis result according to some embodiments of the present invention. OUA 22 may comprise components 1-4 denoted 24, 26, 28 and 30 respectively. The analyzed EE for OUA 22 are listed on both sides of OUA 22: EE11 and EE12 on the right for a first functionality and EE21, EE22 and EE23 on the left for a second functionality. The possible FMs are listed under each associated component: C1FM1, C1FM2 for component 1 denoted 24, C2FM1 for component 2 denoted 26 and so on. The association of EEs with their corresponding FMs is represented by a single-arrowed curved line connecting FMs with their associated EEs. The results of the single-point analysis are presented in FIG. 3 as the group of FMs denoted 102.

At this stage a double-point failure analysis (step 16) may be performed. Double-point analysis takes into consideration combinations of two different FMs which may cause a specified EE, either when happening concurrently, or when happening one-at-a-time, with a first order or a second order of occurrence in time. This analysis may rely on the association prepared according to the description above. This analysis may result, for a defined OUA, for end event EE21 and as per defined circumstances, the results which are illustrated in Table 1:

TABLE 1

In Table 1 all grayed squares represent combinations of two FMs which were excluded from the list of FMs the combination of which may have been the cause for EE21. Since the result of this analysis will always lead to a symmetrical matrix in which the symmetry line connects the square in coordinate C1FM1-C1FM1 with that of coordinate C4FM3-C4FM3, for the sake of clarity the lower-left half of the matrix of Table 1 was covered by wave-like pattern and the results corresponding to these squares, being identical to their corresponding twin-square in the other part of the table, are not being considered further in this description of the invention. Further, a step of excluding of all couples of FMs in the table which may not be a reason for the investigated EE21 based on the nature of the OUA is carried out. In the example of Table 1 these are symbolized by the four squares covered by the black-slashed line pattern. At the end of this step all white squares in Table 1 represent couples of different FMs which may be a cause to the investigated EE21. This analysis may reflect, beyond the information gathered during the single-point analysis, also knowledge of the actual occurrence-relations between such couples of different FMs and the possible effect of related occurrence of these FMs with respect to one another on the analyzed EE. In order to properly produce Table 1 first exclude all failure modes that cause the selected EE21 which were identified in the single-point failure analysis (the whole rows and columns). Second (optional), exclude all failure modes which can never be a cause for the selected effect based on the nature of the OUA. From the association of FMs to EE21 as presented in FIG. 2 some of the squares in Table 1 may be marked as excluded (black-slashed lines). Further, according to the data in FIG. 2 it may be concluded that C4FM3 may not have any two-point combination that may cause EE21. This stage of analysis may typically end with a reduced number of optional two-point (couples) of FMs that may be the cause for EE21 either happening concurrently or ordered one after the other in time. The results of the double-point analysis are presented in FIG. 3 as the group of FMs denoted 104.

Based on the previous step, a shortened Interaction Matrix may be produced, as presented in Table 2.

TABLE 2

Interaction Matrix for EE21. Rows and columns: C1FM1, C1FM2, C3FM3, C4FM1.

Cell entries surviving from the original layout: “→”, “*”, and the note “disabled because can't be part of triple because any combination of 3 with I1FM1 will include existing double point”.

Legend: * - C1FM1 together with C4FM1

 - First C1FM1 then C4FM1

 - First C4FM1 then C1FM1

Table 2 includes the internal FM only, i.e. representation of interactions of only internal FMs (FMs that may happen inside the examined system, as opposed to FMs that may happen outside of the examined system but may have an implication on the EE). The white squares represent two-point occurrences that may lead to the result of EE21 (in this example), while the symbols (such as “*” or “→”) in some of the squares represent the order-of-occurrence of one of the two FMs with respect to that of the other one, that will cause this result. This order-of-occurrence in some cases practically represents an inductive approach and a kind of forward logic in “cause” to “effect” or “time” to “time” (“instant” to “instant”) event sequences or in time propagation. This analysis may be extending the previous analysis by taking additional factors into account. First, catalyst type factors, the presence of which may expedite or accelerate or increase the probability of occurrence of EE21 (in this example). Second, triggers (which are external factors) which are able to activate the EE. In this respect a trigger enables an internal failure mode (FM) to become the EE cause.

In this manner it is possible to define also the sequence of the failure modes in the double-point failure. During selection in the matrix of Table 2, additional background process may occur. All failure modes that cannot be a part of the triple point failure analysis will be disabled, similarly to the disabling of occurrences which were not possible in the producing of Table 1.

Similar to the double-point analysis, it is now possible to produce a triple-point analysis (step 17) by drilling further ‘down’ to the desired failure mode (this failure mode must be enabled). By applying this methodology a selected failure mode with operation type is received and another shortened matrix. The operation type may be “*” or “→” (where “*” indicates that a failure mode in the shortened matrix happens together with selected couples of FMs at the previous step failure mode(s) and “→” indicates that failure modes in the shortened matrix happen after selected couples of FMs at the previous step failure mode(s)). The selection in the cells of the matrix of Table 3 may define a triple-point failure that defines the occurrence of triple FMs that may cause a specified EE. To achieve that the same technique as disclosed above with respect to the double-point failure analysis may be used. The results of the double-point analysis are presented in FIG. 3 as the group of FMs denoted 106.

During the triple-point analysis described above a target fault tree 100 (FIG. 3) for EE21 (101 in FIG. 3) may be produced and displayed automatically. The analyst using the methodology of the present invention can switch (or ‘bounce’) between “bottom-up” to “top-down” approaches as well as between table and graphical presentations.

TABLE 3

Triple Point Failure for EE21 with C1FM2 held. Rows and columns: C3FM3, C4FM1. Cell entries surviving from the original layout: “*”, “→”.

Results a triple point failure: C1FM2 * C3FM3 * C4FM1

In Table 3 C1FM2 is held “true”, which by itself cannot cause EE21, and the various combinations of C3FM3 and C4FM1 are investigated, looking whether or not there is a combination of the two which may cause EE21 and in what order of occurrence. The process involves transfer of results of the evaluation into FMEA tables. First FMEA table is built for single-point failure analysis, then for double-point failure analysis and then for triple-point failure analysis and so on.

The methodology of drilling down with the fault analysis may be further repeated to the “n” level, as may be desired or required (step 18). Activation of the methodology of the present invention for calculations; sensitivity analysis, reverse analysis, testability analysis, isolation tree construction etc. is possible at this stage.

Build FMEA back from the resulting FTA with combined failure modes—actually the minimal cut-sets (MCS), etc. This is the last step of analysis (step 19) in which it is possible to bounce (BFA) between FMEA tables and FTA trees as may be required or at the convenience of the analyst. This step may be performed as many times as needed to perform different types of study and analyses, for different parts of OUA and in different aspects, directions including time dimension.

FIG. 3 represents result of bounce after single, double and triple point steps. The graphical tree representation (actually a FTA) is based on previously described processes.
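The following sketch is an added illustration, not code from the patent. It runs the single-, double- and triple-point steps over constructed sample data that reuses the FM names above, disables every cell containing a lower-order cause or an impossible pair, and then renders the result both as a fault tree and as FMEA rows. The `ANALYST` lookup, the `IMPOSSIBLE` pair and all function names are assumptions standing in for the analyst's judgement and FIG. 2.

```python
from itertools import combinations
from math import comb

# Constructed sample data for EE21; FIG. 2's actual associations are not reproduced here.
FMS = ["C1FM1", "C1FM2", "C2FM1", "C3FM3", "C4FM1", "C4FM3"]

# Analyst judgement modelled as a lookup: combination -> nature of occurrence
# ("*" = concurrently, "->" = sequentially). All values are constructed.
ANALYST = {
    frozenset(["C2FM1"]): "*",
    frozenset(["C1FM1", "C4FM1"]): "*",
    frozenset(["C1FM2", "C3FM3", "C4FM1"]): "*",
    frozenset(["C2FM1", "C1FM2"]): "*",             # redundant: C2FM1 alone suffices
    frozenset(["C1FM1", "C3FM3", "C4FM1"]): "->",   # redundant: contains a double point
}
# Pair ruled out by the nature of the OUA (a black-slashed square). Constructed.
IMPOSSIBLE = [frozenset(["C1FM1", "C1FM2"])]


def bfa(fms, analyst, max_order, impossible=()):
    """Bottom-up N-point analysis.

    Returns (combinations found per order, matrix cells examined per order).
    """
    minimal, by_order, examined = [], {}, {}
    for n in range(1, max_order + 1):
        level, cells = [], 0
        for combo in combinations(sorted(fms), n):
            s = frozenset(combo)
            # Disabled cell: it contains a lower-order cause or an impossible pair.
            if any(m <= s for m in minimal) or any(p <= s for p in impossible):
                continue
            cells += 1  # only these cells still need the analyst's judgement
            if s in analyst:
                level.append((combo, analyst[s]))
        minimal.extend(frozenset(c) for c, _ in level)
        by_order[n], examined[n] = level, cells
    return by_order, examined


def fault_tree(ee, by_order):
    """Top-down view: the EE is an OR over one AND-gate per minimal combination."""
    gates = [" AND ".join(c) for level in by_order.values() for c, _ in level]
    return f"{ee} = " + " OR ".join(f"({g})" for g in gates)


def fmea_rows(ee, by_order):
    """Bottom-up view: one FMEA table row per combination found."""
    return [(n, " ".join(c), nature, ee)
            for n, level in by_order.items() for c, nature in level]


if __name__ == "__main__":
    cuts, cells = bfa(FMS, ANALYST, 3, IMPOSSIBLE)
    for n in cuts:
        print(f"{n}-point: judged {cells[n]} of {comb(len(FMS), n)} cells -> {cuts[n]}")
    print(fault_tree("EE21", cuts))
    for row in fmea_rows("EE21", cuts):
        print(row)
```

The per-order cell counts show how disabling shrinks the Interaction Matrix the analyst has to fill in at each level.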

UTILIZATION OF THE INVENTION

The power of Failure Mode Analysis as a design and improvement tool has been recognized increasingly by Industry, Services and Scientific Community. The method of failure mode analysis according to the present invention brings a revolutionary empowerment of the traditional FMEA & FTA approaches turning both techniques into more effective from the time-consumption point of view and much more efficient in a large spectrum of applications, such as Safety, Security, Testability, Maintainability, Logistics, Quality, Reliability, Risk Management, and Verification of compliance to different failure-related Regulations. Being clearly defined and based on well-systemized algorithm, the method of failure mode analysis according to the present invention may be easily implemented in a software tool. As such, the tool functioning according to embodiments of the present invention may have the following advantages:

-   BFA is extremely useful in equipment and process planning, creation, failure analysis and improvement in automotive, pharmaceutical, medical devices, avionics, electronics, communication, service, medicine, software, etc. industries.
-   BFA methodology, by its nature, may ensure completeness of study. This feature is extremely important in the safety applications.
-   BFA methodology can be used for verification of previously done failure mode analyses (FMEA, FTA, etc.) results, especially during investigation of accidents.
-   The BFA methodology is a unique analysis that can be carried out in all possible directions: bottom-up, top-down, aside (including investigating effect of external FMs), as well as in time. Thus, the BFA methodology may be considered a “360° approach”.
-   BFA methodology can be used especially when the depth of analysis is known, for example the depth of analysis required for Fuzing systems safety (according with, for example, MIL-STD-1316 (Fuze Design Safety Criteria)—that requires analysis up to double point failure), or as for Nuclear Industry, where standards require analysis up to eight point failures.
-   BFA methodology may provide very important and accurate data for building Isolation and Troubleshooting procedures.

It will be appreciated by persons of ordinary skill in the art that according to some embodiments of the present invention other designs of methodology for failure analysis involving multi-point fault mode analysis according to the principles of the present invention are possible and are in the scope of this application.

While certain features of the invention have been illustrated and described herein, many modifications, substitutions, changes, and equivalents will now occur to those of ordinary skill in the art. It is, therefore, to be understood that the appended claims are intended to cover all such modifications and changes as fall within the true spirit of the invention.

1. A method comprising: identifying a group of fault modes that may cause a defined fault; selecting, defining as single-point fault mode and excluding from said group all fault modes that may cause said fault when occurring one-at-a-time; selecting, defining as double-point fault mode and excluding from the group of faults left after the previous step all fault modes that may cause said fault when two from said remaining faults occur sequentially or concurrently; repeating the previous step for the remaining fault modes N−1 times to produce a N-point fault mode analysis, where N is an integer-equal or greater than 1.

2. The method of claim 1 further comprising in each step of identifying, for N greater than 1, a step of indicating the nature of occurrence of the N-point fault modes with respect to each other, said indication is selected from the group comprising concurrently and sequentially and don't-care.

3. The method of claims 1 or 2 further comprising: producing a fault tree representation of said fault modes.

4. The method of claims 1 or 2 further comprising: producing a failure mode effect representation of said fault modes.

5. The method of claims 3 or 4 wherein said representation is produced using top-down approach and bottom-up approach interchangeably during said production of said representation.